Netgate Discussion Forum

    PFSense VLAN configuration & troubleshooting

      tigerT

      new to vlan configuration and needing a little direction.... this is my first attempt/experience with vlans.

      i have pfsense (virtualized -proxmox). proxmox interfaces have vlan aware enabled.

      i have created/configured vlan (2) interfaces on vtnet0 - wan interface. created firewall rule any to any, with exception for ipv6 traffic block. dhcp server has been enabled.

      i have a managed switch that has been configured with default vlan and vlan2. it appears that the switch is handling the vlan routing internally. devices on vlan2 can communicate but cannot communicate with vlan1 (desired behavior).

      with port 1 untagged (default and vlan2) i am able to connect to pfsense and access the internet, but vlan2 is not receiving ip from proper subnet.

      if i enable/change port 1 to tagged (for vlan2 or vlan1 or both), i am no longer able to connect to pfsense or access the internet.

      I have followed multiple guides, but at this point i am kind of lost.

        johnpoz LAYER 8 Global Moderator @tigerT

        @tigert first thing is vlan 1 is a bad choice to use for a tagged vlan. this is the normal default vlan on any smart switch that understands vlans. And is untagged - you should pretty much never see vlan 1 as tagged.. So use some other tag.. Common practice in small networks is to use say the network octet as your vlan ID. Your network there 192.168.20.0/24 would use say vlan ID 20..

        So for example my networks are 192.168.2, .3, .4, .5, .6, .7 8 and 9.. Most of these are not tagged on pfsense and only in my switch infrastructure but I use the vlan IDs 2, 3, etc.. for them.

        I don't know enough about proxmox and vlan settings - but you want to make sure that proxmox passes the tags to pfsense if pfsense is going to look for the tags.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          Jarhead @tigerT

          @tigert Why are you putting them on your WAN?

            johnpoz LAYER 8 Global Moderator @Jarhead

            @jarhead great question - but doesn't really matter what interface a vlan comes in on.. Be it the one where your wan comes in, or where your lan comes.. You would think normally they would be on the lan interface if they are lan side networks. But it all depends on where the vlans are coming from in your switching environment

              tigerT

              why on WAN? uh... no reason. :) somewhere i obviously got confused.

              changed to LAN interface and all appears to be working correctly!

              Thanks for the input and quick response.

              SOLVED

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.